Add Clerk Remix example (#186)

Author: Tilican

clerk-remix/.gitignore

@@ -0,0 +1,3 @@
+/.encore
+encore.gen.go
+encore.gen.cue

clerk-remix/README.md

@@ -0,0 +1,123 @@
+# Clerk Remix SDK + Encore App Example
+
+This is an example of how to do user authentication using [Clerk](https://clerk.com/) together with an Encore app.
+Check out the [Use Clerk with your app](https://encore.dev/docs/go/how-to/clerk-auth) guide to learn more about this example.
+
+## Cloning the example
+
+When you have [installed Encore](https://encore.dev/docs/go/install), you can create a new Encore application and clone
+this example by running this command:
+
+```bash
+encore app create my-app --example=clerk-remix
+```
+
+## Clerk Credentials
+
+Create a Clerk account if you haven't already. Then, in the Clerk dashboard, create a new application.
+
+Next, go to the *API Keys* page for your app. Copy the "Publishable Key" and one of the "Secret keys".
+
+In `frontend/.env` file, replace the values for `VITE_CLERK_PUBLISHABLE_KEY` with the value from your Clerk dashboard.
+
+The `Secret key` is sensitive and should not be hardcoded in your code/config. Instead, you should store that as an [Encore secret](https://encore.dev/docs/go/primitives/secrets).
+
+From your terminal (inside your Encore app directory), run:
+
+```shell
+$ encore secret set --prod ClientSecretKey
+```
+
+Next, do the same for the development secret. The most secure way is to create another secret key (Clerk allows you to have multiple).
+Once you have a client secret for development, set it similarly to before:
+
+```shell
+$ encore secret set --dev ClientSecretKey
+```
+
+## Developing locally
+
+Run your Encore backend:
+
+```bash
+encore run
+```
+
+In a different terminal window, run the React frontend using [Remix](https://remix.run/):
+
+```bash
+cd frontend
+npm install
+npm run dev
+```
+
+Open [http://localhost:5173](http://localhost:5173) in your browser to see the result.
+
+### Encore's Local Development Dashboard
+
+While `encore run` is running, open [http://localhost:9400/](http://localhost:9400/) to view Encore's local developer dashboard.
+Here you can see the request you just made and a view a trace of the response.
+
+### Generating a request client
+
+Keep the contract between the backend and frontend in sync by regenerating the request client whenever you make a change
+to an Encore endpoint.
+
+```bash
+npm run gen # Deployed Encore staging environment
+# or
+npm run gen:local # Locally running Encore backend
+```
+
+## Deployment
+
+### Encore
+
+Deploy your backend to a staging environment in Encore's free development cloud:
+
+```bash
+git add -A .
+git commit -m 'Commit message'
+git push encore
+```
+
+Then head over to the [Cloud Dashboard](https://app.encore.dev) to monitor your deployment and find your production URL.
+
+From there you can also see metrics, traces, connect your app to a
+GitHub repo to get automatic deploys on new commits, and connect your own AWS or GCP account to use for deployment.
+
+### Remix on Vercel
+
+1. Create a repo and push the project to GitHub.
+2. Create a new project on Vercel and point it to your GitHup repo.
+3. Select `frontend` as the root directory for the Vercel project.
+4. You may have some warning because the application uses @remix/node and not @remix/vercel
+
+## CORS configuration
+
+If you are running into CORS issues when calling your Encore API from your frontend then you may need to specify which
+origins are allowed to access your API (via browsers). You do this by specifying the `global_cors` key in the `encore.app`
+file, which has the following structure:
+
+```js
+global_cors: {
+  // allow_origins_without_credentials specifies the allowed origins for requests
+  // that don't include credentials. If nil it defaults to allowing all domains
+  // (equivalent to ["*"]).
+  "allow_origins_without_credentials": [
+    "<ORIGIN-GOES-HERE>"
+  ],
+        
+  // allow_origins_with_credentials specifies the allowed origins for requests
+  // that include credentials. If a request is made from an Origin in this list
+  // Encore responds with Access-Control-Allow-Origin: <Origin>.
+  //
+  // The URLs in this list may include wildcards (e.g. "https://*.example.com"
+  // or "https://*-myapp.example.com").
+  "allow_origins_with_credentials": [
+    "<DOMAIN-GOES-HERE>"
+  ]
+}
+```
+
+More information on CORS configuration can be found here: https://encore.dev/docs/go/develop/cors

clerk-remix/backend/admin/admin.go

@@ -0,0 +1,22 @@
+package admin
+
+import (
+	"context"
+
+	a "encore.app/backend/auth"
+	"encore.dev/beta/auth"
+	"encore.dev/rlog"
+)
+
+type DashboardData struct {
+	Value string `json:"value"`
+}
+
+// Endpoints annotated with `auth` are public and requires authentication
+// Learn more: encore.dev/docs/go/primitives/defining-apis#access-controls
+//
+//encore:api auth method=GET path=/admin
+func GetAdminDashboardData(ctx context.Context) (*DashboardData, error) {
+	rlog.Info("Admin dashboard data requested", "user", auth.Data().(*a.UserData))
+	return &DashboardData{Value: "Important stuff"}, nil
+}

clerk-remix/backend/auth/auth.go

@@ -0,0 +1,78 @@
+package auth
+
+import (
+	"context"
+
+	"encore.dev/beta/auth"
+	"encore.dev/beta/errs"
+	"github.com/clerk/clerk-sdk-go/v2/jwt"
+	"github.com/clerk/clerk-sdk-go/v2/user"
+
+	"github.com/clerk/clerk-sdk-go/v2"
+)
+
+var secrets struct {
+	ClientSecretKey string
+}
+
+// Service struct definition.
+// Learn more: encore.dev/docs/primitives/services-and-apis/service-structs
+//
+//encore:service
+type Service struct {
+}
+
+// initService is automatically called by Encore when the service starts up.
+func initService() (*Service, error) {
+	clerk.SetKey(secrets.ClientSecretKey)
+	return &Service{}, nil
+}
+
+type UserData struct {
+	ID                    string                `json:"id"`
+	Username              *string               `json:"username"`
+	FirstName             *string               `json:"first_name"`
+	LastName              *string               `json:"last_name"`
+	ProfileImageURL       *string               `json:"profile_image_url"`
+	PrimaryEmailAddressID *string               `json:"primary_email_address_id"`
+	EmailAddresses        []*clerk.EmailAddress `json:"email_addresses"`
+}
+
+// The `encore:authhandler` annotation tells Encore to run this function for all
+// incoming API call that requires authentication.
+// Learn more: encore.dev/docs/go/develop/auth#the-auth-handler
+//
+//encore:authhandler
+func (s *Service) AuthHandler(ctx context.Context, token string) (auth.UID, *UserData, error) {
+	// verify the session
+	sessClaims, err := jwt.Verify(ctx, &jwt.VerifyParams{
+		Token: token,
+	})
+
+	if err != nil {
+		return "", nil, &errs.Error{
+			Code:    errs.Unauthenticated,
+			Message: "invalid token",
+		}
+	}
+
+	usr, err := user.Get(ctx, sessClaims.Subject)
+	if err != nil {
+		return "", nil, &errs.Error{
+			Code:    errs.Internal,
+			Message: err.Error(),
+		}
+	}
+
+	userData := &UserData{
+		ID:                    usr.ID,
+		Username:              usr.Username,
+		FirstName:             usr.FirstName,
+		LastName:              usr.LastName,
+		ProfileImageURL:       usr.ImageURL,
+		PrimaryEmailAddressID: usr.PrimaryEmailAddressID,
+		EmailAddresses:        usr.EmailAddresses,
+	}
+
+	return auth.UID(usr.ID), userData, nil
+}

clerk-remix/encore.app

@@ -0,0 +1,4 @@
+{
+    // This is just an example so it's not linked to the Encore platform.
+    "id": "",
+}

clerk-remix/frontend/.env.example

@@ -0,0 +1,7 @@
+CLERK_PUBLISHABLE_KEY=pk_test_XX
+CLERK_SECRET_KEY=sk_test_XX
+
+CLERK_SIGN_IN_URL=/sign-in
+CLERK_SIGN_UP_URL=/sign-up
+CLERK_SIGN_IN_FALLBACK_URL=/
+CLERK_SIGN_UP_FALLBACK_URL=/

clerk-remix/frontend/.eslintrc.cjs

@@ -0,0 +1,84 @@
+/**
+ * This is intended to be a basic starting point for linting in your app.
+ * It relies on recommended configs out of the box for simplicity, but you can
+ * and should modify this configuration to best suit your team's needs.
+ */
+
+/** @type {import('eslint').Linter.Config} */
+module.exports = {
+  root: true,
+  parserOptions: {
+    ecmaVersion: "latest",
+    sourceType: "module",
+    ecmaFeatures: {
+      jsx: true,
+    },
+  },
+  env: {
+    browser: true,
+    commonjs: true,
+    es6: true,
+  },
+  ignorePatterns: ["!**/.server", "!**/.client"],
+
+  // Base config
+  extends: ["eslint:recommended"],
+
+  overrides: [
+    // React
+    {
+      files: ["**/*.{js,jsx,ts,tsx}"],
+      plugins: ["react", "jsx-a11y"],
+      extends: [
+        "plugin:react/recommended",
+        "plugin:react/jsx-runtime",
+        "plugin:react-hooks/recommended",
+        "plugin:jsx-a11y/recommended",
+      ],
+      settings: {
+        react: {
+          version: "detect",
+        },
+        formComponents: ["Form"],
+        linkComponents: [
+          { name: "Link", linkAttribute: "to" },
+          { name: "NavLink", linkAttribute: "to" },
+        ],
+        "import/resolver": {
+          typescript: {},
+        },
+      },
+    },
+
+    // Typescript
+    {
+      files: ["**/*.{ts,tsx}"],
+      plugins: ["@typescript-eslint", "import"],
+      parser: "@typescript-eslint/parser",
+      settings: {
+        "import/internal-regex": "^~/",
+        "import/resolver": {
+          node: {
+            extensions: [".ts", ".tsx"],
+          },
+          typescript: {
+            alwaysTryTypes: true,
+          },
+        },
+      },
+      extends: [
+        "plugin:@typescript-eslint/recommended",
+        "plugin:import/recommended",
+        "plugin:import/typescript",
+      ],
+    },
+
+    // Node
+    {
+      files: [".eslintrc.cjs"],
+      env: {
+        node: true,
+      },
+    },
+  ],
+};

clerk-remix/frontend/.gitignore

@@ -0,0 +1,5 @@
+node_modules
+
+/.cache
+/build
+.env

clerk-remix/frontend/app/entry.client.tsx

@@ -0,0 +1,18 @@
+/**
+ * By default, Remix will handle hydrating your app on the client for you.
+ * You are free to delete this file if you'd like to, but if you ever want it revealed again, you can run `npx remix reveal` ✨
+ * For more information, see https://remix.run/file-conventions/entry.client
+ */
+
+import { RemixBrowser } from "@remix-run/react";
+import { startTransition, StrictMode } from "react";
+import { hydrateRoot } from "react-dom/client";
+
+startTransition(() => {
+  hydrateRoot(
+    document,
+    <StrictMode>
+      <RemixBrowser />
+    </StrictMode>
+  );
+});